U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:linux:linux_kernel:5.13.11:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 996 matching records.
Displaying matches 61 through 80.
Vuln ID Summary CVSS Severity
CVE-2023-6931

A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation. A perf_event's read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group(). We recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b.

Published: December 19, 2023; 9:15:08 AM -0500
V3.1: 7.0 HIGH
V2.0:(not available)
CVE-2023-6817

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The function nft_pipapo_walk did not skip inactive elements during set walk which could lead double deactivations of PIPAPO (Pile Packet Policies) elements, leading to use-after-free. We recommend upgrading past commit 317eb9685095678f2c9f5a8189de698c5354316a.

Published: December 18, 2023; 10:15:10 AM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-50431

sec_attest_info in drivers/accel/habanalabs/common/habanalabs_ioctl.c in the Linux kernel through 6.6.5 allows an information leak to user space because info->pad0 is not initialized.

Published: December 09, 2023; 6:15:07 PM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-6560

An out-of-bounds memory access flaw was found in the io_uring SQ/CQ rings functionality in the Linux kernel. This issue could allow a local user to crash the system.

Published: December 08, 2023; 7:15:07 PM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-6622

A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. This issue may allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service.

Published: December 08, 2023; 1:15:07 PM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-39198

A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation.

Published: November 09, 2023; 3:15:08 PM -0500
V3.1: 6.4 MEDIUM
V2.0:(not available)
CVE-2023-6039

A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel. This flaw allows a local attacker to crash the system when the LAN78XX USB device detaches.

Published: November 09, 2023; 10:15:09 AM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-5090

A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition.

Published: November 06, 2023; 6:15:09 AM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-47233

The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this "could be exploited in a real world scenario." This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.

Published: November 03, 2023; 5:15:17 PM -0400
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2023-1476

A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code. This issue occurs due to a race condition between rmap walk and mremap, allowing a local user to crash the system or potentially escalate their privileges on the system.

Published: November 03, 2023; 5:15:13 AM -0400
V3.1: 7.0 HIGH
V2.0:(not available)
CVE-2023-1194

An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of `NameOffset` in the `parse_lease_state()` function, the `create_context` object can access invalid memory.

Published: November 03, 2023; 4:15:07 AM -0400
V3.1: 8.1 HIGH
V2.0:(not available)
CVE-2023-1193

A use-after-free flaw was found in setup_async_work in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. This issue could allow an attacker to crash the system by accessing freed work.

Published: November 01, 2023; 4:15:08 PM -0400
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2023-1192

A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, there are still local variable points to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access a free memory region, leading to a denial of service.

Published: November 01, 2023; 4:15:08 PM -0400
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2023-5178

A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation.

Published: November 01, 2023; 1:15:11 PM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-46862

An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer dereference can occur.

Published: October 29, 2023; 12:15:11 AM -0400
V3.1: 4.7 MEDIUM
V2.0:(not available)
CVE-2023-46813

An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation). This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it.

Published: October 26, 2023; 11:15:08 PM -0400
V3.1: 7.0 HIGH
V2.0:(not available)
CVE-2023-5717

A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer. We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.

Published: October 25, 2023; 2:17:43 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-5633

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.

Published: October 23, 2023; 6:15:09 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-45898

The Linux kernel before 6.5.4 has an es1 use-after-free in fs/ext4/extents_status.c, related to ext4_es_insert_extent.

Published: October 15, 2023; 11:15:09 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-40791

extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a certain situation, as demonstrated by a WARNING for try_grab_page.

Published: October 15, 2023; 11:15:09 PM -0400
V3.1: 6.3 MEDIUM
V2.0:(not available)